Confused on Steam Play and Proton? Be sure to check out our guide.
We do often include affiliate links to earn us some pennies. See more here.

If you're dealing with Linux servers, or you have an active OpenSSH Server on your desktop, you may want to look into regreSSHion.

Made public by Qualys today, who you might remember from the vulnerabilities in the GNU C Library they announced earlier this year. Their latest discovery is actually a regression, but quite a serious one. Tagged as CVE-2024-6387 it's "a signal handler race condition in OpenSSH’s server (sshd), allows unauthenticated remote code execution (RCE) as root on glibc-based Linux systems".

Their research showed it's a regression of CVE-2006-5051, which was reported in 2006 but then introduced again as an issue going back to October 2020 (OpenSSH 8.5p1). Woops.

Here's what they said about:

This vulnerability, if exploited, could lead to full system compromise where an attacker can execute arbitrary code with the highest privileges, resulting in a complete system takeover, installation of malware, data manipulation, and the creation of backdoors for persistent access. It could facilitate network propagation, allowing attackers to use a compromised system as a foothold to traverse and exploit other vulnerable systems within the organization.

Moreover, gaining root access would enable attackers to bypass critical security mechanisms such as firewalls, intrusion detection systems, and logging mechanisms, further obscuring their activities. This could also result in significant data breaches and leakage, giving attackers access to all data stored on the system, including sensitive or proprietary information that could be stolen or publicly disclosed.

This vulnerability is challenging to exploit due to its remote race condition nature, requiring multiple attempts for a successful attack. This can cause memory corruption and necessitate overcoming Address Space Layout Randomization (ASLR). Advancements in deep learning may significantly increase the exploitation rate, potentially providing attackers with a substantial advantage in leveraging such security flaws.

See all in their announcement.

Article taken from GamingOnLinux.com.
16 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly checked on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. You can also follow my personal adventures on Bluesky.
See more from me
All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.
6 comments

I like the nickname for it. lol
birdip Jul 1
Note that you should restart your openssh daemon right after updating the package. Otherwise it is possible that you are locked out from your server!
See e.g. here: https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/
  • Supporter Plus
You may also as a temporary fix mitigate the issue by setting "LoginGraceTime 0" in your SSH configuration.
Taros Jul 2
You may also as a temporary fix mitigate the issue by setting "LoginGraceTime 0" in your SSH configuration.
"Set LoginGraceTime to 0 in /etc/ssh/sshd_config. This makes sshd
vulnerable to a denial of service (the exhaustion of all MaxStartups
connections), but it makes it safe from this vulnerability."
https://ubuntu.com/security/CVE-2024-6387
  • Supporter Plus
You may also as a temporary fix mitigate the issue by setting "LoginGraceTime 0" in your SSH configuration.
"Set LoginGraceTime to 0 in /etc/ssh/sshd_config. This makes sshd
vulnerable to a denial of service (the exhaustion of all MaxStartups
connections), but it makes it safe from this vulnerability."
https://ubuntu.com/security/CVE-2024-6387
Yup, but it's a temporary measure until you can properly patch things, after all. A DoS is better than remote code execution in my opinion.

Relevant info for RHEL folks:
https://access.redhat.com/security/cve/cve-2024-6387
F.Ultra Jul 3
View PC info
  • Supporter
Note that you should restart your openssh daemon right after updating the package. Otherwise it is possible that you are locked out from your server!
See e.g. here: https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/

Doesn't Arch do that automatically? DEB based distributions all restart the running demon when the package is installed/upgraded.
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
Login / Register